Hacking & Security Posts - Page 46

The fight against Internet piracy will lead to increased pressure on public schools, libraries and ISPs offering Wi-Fi service, as copyright holders and the government try to limit access to pirated material. The Australian government is currently amending its Copyright Act that will force ISPs to blacklist overseas-based websites found to be hosting pirated music, movies, and other copyrighted material.

The Australian Communications and Media Authority will receive registration of the new unique code, and force ISPs to carry out "reasonable steps" that puts increased burden on their shoulders. However, critics want safeguards put in place to ensure copyright holders don't abuse the new system - and prevent covert censorship efforts.

"The code will not include any sanctions to be imposed by ISPs on their customers - we believe that the copyright holders are the appropriate party to take any enforcement action against persistent infringers," said John Stanton, Communications Alliance chief. "But we are optimistic that the sending of notices by ISPs to consumers whose service has apparently been used for improper file-sharing will be a powerful signal."

Major technology companies want to hire hackers to help identify potential software vulnerabilities before products are released - and real cybercriminals are able to exploit any problems. The "bug bounties" program is being embraced by Facebook, Mozilla, Google and other major Silicon Valley companies, providing thousands of dollars to help identify bugs.

"The trajectory we're on now is completely unsustainable," said Vikram Phatek, NSS Labs CEO, when discussing the current cybersecurity landscape. "There will not be a person in the country who will not have a compromised computer if this goes on. We are ripe for having a major catastrophe."

Despite some resistance from companies weary of paying outside sources to identify security flaws, trying to prevent cybersecurity data breaches will remain a major effort. However, compromising widely used software is a lucrative effort for cybercriminals, with more money seemingly available on the black market.

The United States is increasing its shift towards chip-and-PIN technology to meet an October 2015 deadline, but the transition has been far from easy for many businesses. It turns out 69 percent of SMBs doubt they will be able to meet the late 2015 deadline, with confusion about the technology. In fact, 26 percent of survey respondents from SMBs couldn't identify what an EMV (Europay, MasterCard and Visa) terminal is, according to Software Advice report.

The EMV technology also will prove to be rather confusing for consumers, as 88 percent of US consumers have never made a purchase at an EMV terminal.

"EMV technology is coming to the U.S., but it won't be a smooth transition," said Daniel Humphries, Software Advice IT security researcher, in a statement. "Large firms may be aware of the liability shift and what it requires, but our data shows that only a small percentage of SMBs are prepared. However, there is still plenty of time for SMBs to prepare for the chip-and-pin changeover, and take matters into their own hands. This even represents a golden opportunity for merchants to make their businesses more secure from fraud."

As people spend more money this Christmas shopping season, 44 percent of consumers are ordering presents online - and cybercriminals continue to look for new methods to compromise victims. Cybercriminals have ramped up their social engineering attacks, launching phishing campaigns on email addresses, with cybersecurity experts continuing to warn shoppers about fraudulent emails.

Cybercriminals have shown increased interest in mimicking delivery updates, pose as retailers or banks, and some of the emails are surprisingly clever.

"It's seasonal - hackers will use the season to take advantage of you," said Claire Rosenzweig, Better Business Bureau president and CEO. "Everybody's all excited. They're shopping, they're shipping and scammers love this because we're all trusting."

Things just seem to be getting worse for Sony Pictures Entertainment, with cybersecurity experts now estimating SPE could face up to $100 million in costs related to its data breach. The total will account for lost worker productivity, an investigation into the incident, computer network repair and replacement, along with creating protocols to prevent a future data breach.

The estimate would have been significantly higher than $100 million if customer data was involved.

SPE's reputation will also take a major hit because of the data breach, including trying to recruit new actors and employees. "Will they be able to attract high-name stars if those stars believe their personal information will not be protected?" said Mark Rasch, a former federal cybercrime prosecutor. "How do you know what business opportunities are lost? It's hard to put a dollar figure on it."

A nasty self-replicating ransomware, dubbed "VirRansom," is now making the rounds - utilizing the functionality of CryptoWall and Cryptolocker, able to self-replicate after infecting machines. Victims must pay 0.619 bitcoin before files are restored, as it compromises machines. The VirRansom parasitic virus encrypts hundreds or thousands of files on each PC, with criminals ensuring they are able to continually change encryption keys.

"Ransomware gets nastier all the time," said Stu Sjouwerman, KnowBe4 CEO, in a press statement. We can expect a VirRansom 2.0 with 'new features' like industrial-strength CryptoWall-like encryption where files are held hostage until payment is made and email server infections where emails are converted to a worm for maximum dissemination of their malicious code. The legal ramifications could be horrific."

Unfortunately, hackers are having their way with networks, while consumers are becoming more desensitized due to the large number of users being victimized.

"Obviously it's not something that anybody wants, for any of the partners," Slatoff recently said. "We certainly wouldn't want it for Sony or Microsoft or Steam or us for that matter. Or any of our competitors. Sadly, it's a reality of life. And I think it's a reality of connected networks."

Companies are desperate to find new solutions to keep their networks safe from cyberattacks, and there is a strategy that can be utilized: assume a data breach has occurred, with foreign cybercriminals or government snooping behind the breach. This allows companies to take a unique angle in trying to defend their networks, fixing problems that potentially make it easier for criminals to gain access.

"You must assume something is going on and you have to start looking for it," said Patty Hatter, McAfee CIO and senior VP of operations. "Be paranoid - it helps."

As cyberattacks continue to evolve, companies struggle to teach employees on accurately defending against phishing attacks. Trying to keep a network 100 percent secure is virtually impossible, so business leaders need to make sure data is properly backed up, security protocols are constantly upgraded, and security holes are fixed as soon as they are found.

The FBI has tried to crack down on the Anonymous hacker collective, including turning a former high-ranking member into an informant - but the group is still alive and well. Hector Monsegur, operating under the hacker name of "Sabu," admits to a large number of attacks against select targets.

Since being flipped by the FBI, Sabu spent three years communicating with Anonymous and LulzSec members, with the government listening in. His actions reportedly helped prevent more than 300 major cyberattacks against government and NASA PCs and networks.

Sabu says he didn't identify Anonymous members and turn them over to the FBI - and cooperated to help identify attacks, and work to prevent them in the future. "It wasn't a situation where I identified anybody. I didn't point my fingers at nobody. My cooperation entailed logging and providing intelligence. It didn't mean, 'Can you please tell me the identity of one of your mates?'"

China and Russia are two of the largest cyberespionage threats to the Western world, but countries like North Korea are able to cause significant damage on relatively modest budgets, cybersecurity experts warn.

As witnessed by the successful breach of Sony Pictures Entertainment, which has caused the company significant financial damage - and continued downtime - foreign attackers are finding easy targets to compromise. In North Korea, the reported 1,800 members of Bureau 121, the secret North Korean hacker brigade, live a pampered lifestyle in Pyongyang - with high levels of motivation to carry out cyberattacks.

"While North Korea's massive conventional forces have been declining due to aging and lack of resources... North Korea is emphasizing the development of its asymmetric capabilities," said Gen. Curtis Scaparrotti, United States Forces Korea commander. "Cyber warfare is an important asymmetric dimension of conflict that North Korea will probably continue to emphasize - in part because of its deniability and low relative costs."